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DETAILED ACTION 
1. Claims 1-47, 49-62, 64-99 and 101-1 14 are pending. 



Continued Examination Under 3 7 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1 .1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 10/31/2007 has been entered. 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

4. Claims 50, 51, 102 and 103 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

Claims 50, 51, 102 and 103 are directed to computer programs, i.e., software per se, 
which are not physical "things". They are neither computer components nor statutory processes, 
as they are not "acts" being performed. Such claimed computer programs do not define any 
structural and functional interrelationships between the computer program and other claimed 
elements of a computer which permit the computer program's functionality to be realized. In 
contrast, a claimed storage computer-readable medium encoded with a computer program is a 
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computer element which defines structural and functional interrelationships between the 
computer program and the rest of the computer which permit the computer program's 
functionality to be realized, and is thus statutory. 

Particularly, although claims 50 and 102 recite "a computer system", however, the rest of 
the claims recite multiple "software portions", i.e., software per se. As to claims 51 and 103, 
although the preambles of the claims recite "a computer system", and the limitations of the 
claims recites "means for", however, the specification discloses the system can be a software 
alone, i.e., in this instant, the computer system is a software program. 

Claim Rejections - 35 USC § 112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

6. Claims 50-62, 101-1 14 are rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claims 50, 51, 52, 64, 101-104 are directed to software. However, the specification 
discloses "wherever a component of the present invention is implemented as the software, the 
component can be implemented as . . . and/or in every and any other way known now or in the 
future to those of skill in the art of the computer programming ", the above underline description 
renders the claims indefinite since no one know what will be happen in the future. 

Claims 42-46 and 94-98 are rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
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applicant regards as the invention. Claim 42 recites "wherein the at least one dynamically 
alterable condition dependent rule that specifies the desired behavior for the software component 
is static" which is not clear and conflict within the claim itself. If a rule is dynamically alterable, 
how can it also be static? The specification seems to disclose there are two types of rules, static 
rules and dynamic rules. Claims 43, 94 and 95 contain similar language as claim 42, and 
therefore are rejected under the same ground of rejection. 

Claims 44-46 and 96-98 depend on claims 43 and 95, respectively and fail to remedy the 
deficiencies of claims 43 and 95 above. 

Claims 45 and 97 recite "wherein modifying the at least one dynamically alterable 
condition dependent rule . . . responding to an attempt by the software component to access 
specific data, bv creating a rule that specifies that the software component cannot access other 
data", however, the specification does not support the above limitation. The specification seems 
to disclose responding to an attempt by the software component to access specific data, consult 
dynamic rule that specifies that the software component cannot access other data. 

Claims 46 and 98 recites "wherein modifying the at least one dynamically alterable 
condition dependent rule . . . responding to an attempt by the software component to access 
specific data, by creating a rule that specifies that the software component cannot perform certain 
functionality", however, the specification does not support the above limitation. The 
specification seems to disclose responding to an attempt by the software component to access 
specific data, consult dynamic rule that specifies that the software component cannot perform 
certain functionality. 

Claims are rejected as best understood by examiner. 
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Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 1-5, 8-9, 13-17, 19, 26-28, 30, 35-39, 40- 47, 49-54, 58-60, 64-69, 71, 78-80, 82, 
87-91, 92-99, 101-106 and 110-112 are rejected under 35 U.S.C. 103(e) as being anticipated 
by Deianov et al. (U.S. 6,529,985 Bl) in view of Joshi et al (U.S. 2002/0091798 Al). 

As to claim 1, Deianov teaches intercepting a service request (intercepting the system 
call; col. 3, lines 30-31 and col. 6, lines 28-38) made by a software component (processes 107; 
col. 6, lines 46-48 and col. 8, lines 15-16), evaluating the service request based on at least one 
rule (selectively intercept system calls; col. 6, lines 35-45), an original or modified data in the 
service request (process identifier; col. 7, lines 9-23. Notes that "or" is used, so meeting one of 
the two meet the limitation), and at least one of a present software system state (examiners the 
execution flag 131 ... executing; col. 8, lines 29-31) and a past software system state (the 
interception module ... wrapper 125; col. 8, lines 16-19), dynamically selecting at least one 
desired behavior from among several behaviors for the software component based on the 
evaluation (execute the system call wrapper, or execute the system call 115 when the call was 
made by the wrapper; col. 8, lines 21-34), and dynamically controlling the software component 
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such that the software component executes the desired behavior (execute system call wrapper or 
execute the actual system call; col. 8, lines 16-55). 

Deianov does not teach dynamically alterable condition dependent rule. However, Joshi 
teaches dynamically condition dependent rule (A Delegated ... policy domain; page 5, paragraph 
95 and 97 and page 24, paragraph 237). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to apply the teaching of Joshi to the system of Deianov because "dynamic alterable 
condition dependent rule" would provide the system of Deianov with the ability to update the 
rules which is more flexible in access management for a network system. 

As to claim 2, Deianov teaches intercepting a service request comprises intercepting a 
software supported system call (system call; col. 3, lines 30-31 and col. 6, lines 28-38). 

As to claim 3, Deianov teaches intercepting a software supported system call further 
comprises redirecting an entry in an interrupt vector table to alternative code (replace the pointer 
... executes instead; col. 6, lines 21-27). 

As to claim 4, Deianov teaches intercepting a hardware supported system call (access of 
the system hardware; col. 1, lines 31-40). 
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As to claim 5, Deianov teaches intercepting a hardware supported system call further 
comprises redirecting an entry in an interrupt vector table to alternative code (system call 
wrapper; col. 1, line 67 - col. 2, line 2 and col. 6, lines 21-27). 

As to claim 8, Deianov teaches intercepting a subroutine based service (a system call is a 
subroutine; col. 1 , lines 3 1 -40). 

As to claim 9, Deianov teaches intercepting a subroutine based service further comprises 
redirecting the subroutine call instruction to alternative code (system call wrapper; col. 1, line 67 
- col. 2, line 2 and col. 6, lines 21-27). 

As to claim 13, Deianov teaches executing alternative code in response to intercepting the 
service request (When a process makes a system call ... of the calling process; col. 8, lines 15- 
28). 

As to claim 14, Deianov teaches executing alternative code in addition to calling the 
service request (When a process makes a system call ... of the calling process; col. 8, lines 15-28 
and the system call was made by the wrapper; col. 8, lines 44-55). 

As to claim 15, Deianov teaches the alternative code performs an operation with a same 
purpose as that of the service request (inherent from the wrapper makes the system call; col. 8, 
lines 44-55). 
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As to claim 16, Deianov teaches the alternative code performs an operation with a 
different purpose from that of the service request (inherent from the wrapper may or may not 
make the system call; col. 8, lines 44-55). 

As to claim 17, Deianov teaches preventing execution of the service request (col. 2, lines 

8-15). 

As to claim 19, Deianov teaches preventing code that executes in response to interception 
of the service request from accessing at least some data (col. 2, lines 8-15). 

As to claim 26, see rejection of claim 13 above. 

As to claim 27, see rejection of claim 14 above. 

As to claim 28, see rejection of claim 17 above. 

As to claim 30, see rejection of claim 19 above. 

As to claim 35, Deianov teaches preventing code that executes in response to interception 
of the service request from accessing a system resource (col. 2, lines 3-13). 
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As to claim 36 5 Deianov teaches the system resource comprises a network (opening a 
network communication channel; col. 1, lines 36-39). 

As to claim 37, Deianov teaches the system resource comprises a storage media (reading 
data from a file; col. 1, lines 36-39). 

As to claim 38, Deianov teaches the system resource comprises a file system (file system; 
col. 2, lines 9-10). 

As to claim 39, Deianov teaches the system resource comprises a specific file (reading 
data from a file; col. 1, lines 36-39). 

As to claim 40, Deianov does not teach the system resource comprises configuration 
information. Deianov teaches system calls can access system hardware or software resources, file 
system (col 1, lines 31-39 and col. 2, lines 9-19). It would have been obvious that the system 
resource also include configuration information. 

As to claim 41, Deianov does not teach the configuration information comprises registry 
data. However, it is well known in the art that the configuration information includes registry 
data 
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As to claim 42, Deianov teaches at least one condition dependent rule that specifies the 
desired behavior for the software component is static (list of selected process; col. 7, line 66 - 
col. 8, line 11). 

As to claim 43, see rejection of claim 42 above. Deianov does not teach wherein 
dependant rules that specify the desired behavior for the software component comprise of 
dynamic rules. Joshi teaches dependant rules that specify the desired behavior for the software 
component comprises a dynamic rules (A Delegated ... policy domain; page 5, paragraph 95 and 
97 and page 24, paragraph 237). 

As to claim 44, Deianov does not teach modifying the dynamic rules in response to 
behavior of the software component . However, Joshi teaches modifying the dynamic rules in 
response to behavior of the software component (page 6, paral03). 

As to claim 45, Deianov does not teach wherein modifying the dynamic rules further 
comprises responsive to an attempt by the software component to access specific data, creating a 
rule that specifies that the software component cannot access other data. Joshi teaches responsive 
to an attempt by the software component, consulting a rule that specifies whether the software 
component can or cannot access other data (page 5, section 97). 

As to claim 46, Deianov does not teach wherein modifying the dynamic rules further 
comprises responsive to an attempt by the software component to access specific data, creating a 
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rule that specifies that the software component cannot perform certain functionality. Joshi 
teaches responsive to an attempt by the software component, creating a rule that specifies 
whether the software component cannot perform certain functions (page 5, section 0097), 

As to claim 47, Deianov teaches wherein the rules that specify the desired behavior for 
the software component are based on at least one of the following criteria: a user with which the 
software component is associated; identity of the software component; a time at which the 
software component is executing; history of the software component; a source of the software 
component; data which the software component attempts to access; functionality that software 
component attempts to execute; and computer network resources that the software component 
attempts to access (determining the calling process 107; col. 7, lines 7-23. It is noted that the 
reference needs only teach one of the above criteria). 

As to claim 49, Deianov teaches an intercepting module (interception module), 
intercepting a service request made by a software component (intercepting the system call; col. 3, 
lines 30-31 and col. 6, lines 28-38 and processes 107; col. 6, lines 46-48 and col. 8, lines 15-16), 
an altered states engine (interception module 111, initialization module 123; col. 7, lines 7-9), for 
evaluating the service request based on at least one rule (selectively intercept system calls; col. 6, 
lines 35-45), an original or modified data in the service request (process identifier; col. 7, lines 9- 
23. Notes that "or" is used, so meeting one of the two meet the limitation), and at least one of a 
present software system state (examiners the execution flag 131 ... executing; col. 8, lines 29-31) 
and a past software system state (the interception module ... wrapper 125; col. 8, lines 16-19), 
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for dynamically selecting at least one desired behavior from among several behaviors for the 
software component (execute the system call wrapper, or execute the system call 115 when the 
call was made by the wrapper; col. 8, lines 21-34), alternative code for executing in response to 
an intercepted service request made by the software component (system call wrapper; col. 5, 
lines 52-53), for controlling the software component such that the software component executes 
the desired behavior (col. 8, lines 16-28), the alternative code being coupled to the altered states 
engine (col. 8, lines 56-58). Deianov further teaches the interception module provides the 
functionality of the intercepting module and the altered state engine (intercepting the system call; 
col. 3, lines 30-31 and interception module 111, initialization module 123; col. 7, lines 7-9). It 
would have been obvious to one of ordinary skill in the art that the interception module can be 
implemented as the intercepting module and the altered state engine for easier maintain. 

Deianov does not teach dynamic alterable condition dependent rule, the altered states 
engine being coupled to the interception module, at least one rules database, for storing at least 
one dynamically alterable condition dependent rules, the rules database being coupled to the 
altered states engine. However, Joshi teaches dynamically condition dependent rule (A 
Delegated ... policy domain; page 5, paragraph 95 and 97 and page 24, paragraph 237 at least 
one rules database, for storing at least one dynamically alterable condition dependent rules 
(Directory Server; page 6, paragraph 103), the altered states engine (state machine; page 14, 
paragraph 175 - page 15, paragraph 176). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to apply the teaching of Joshi to the system of Deianov because "dynamic alterable 
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condition dependent rule" would provide the system of Deianov with the ability to update the 
rules which is more flexible in access management for a network system. 

As to computer system claim 50, it is the same as the method claim of claim 1 and is 
rejected under the same ground of rejection. 

As to computer system claim 51, see rejection of claim 50 above. 

As to claim 52, see rejection of claim 1 above. Deianov further teaches a computer 
readable medium on which the program codes are stored (inherent from "an interception module 
is loaded into the operating system"; col. 3, lines 34-36 and col. 5, line 63 - col. 6, line 4). 

As to claim 53, see rejection of claim 13 above. 

As to claim 54, see rejection of claim 19 above. 

As to claims 58-60, see rejections of claims 26-28 above. 

As to claim 64, see rejection of claim 1 above. Deianov further teach an altered state 
engine (The initialization module; col. 7, lines 30-36). 

As to claims 65-69, see rejections of claims 13-17 above. 
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As to claim 71, see rejection of claim 19 above. 

As to claims 78-80, see rejections of claims 26-28 above. 

As to claim 82, see rejection of claim 30 above. 

As to claims 87-94, see rejections of claims 35-42 above. 

As to claims 95-98, see rejections of claims 43-46 above. 

As to claims 99 and 101-106, see rejections of claims 47 and 49-54 above. 

As to claims 110-112, see rejections of claims 58-60 above. 

9. Claims 6-7 and 10-12 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Deianov et al. (U.S. 6,529,985 Bl) in view of Joshi et al (U.S. 2002/0091798 Al) further 
in view of APA (Admitted Prior Art). 

As to claim 6, Deianov does not teach intercepting a service request comprises 
intercepting a software library based subroutine call. APA teaches intercepting a service request 
comprises intercepting a software library based subroutine call (page 9, lines 13-15). It would 
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have been obvious to one of ordinary skill in the art to combine the teaching of Deianov and 
APA because this would improve the system of Deianov by allowing intercepting different type 
of service requests, not only the system calls. 

As to claim 7, Deianov does not teach intercepting a software library based subroutine 
call further comprises modifying at least one dynamically linked library. APA teaches 
intercepting a software library based subroutine call further comprises modifying at least one 
dynamically linked library (page 9 5 lines 13-15). 

As to claim 10, Deianov does not teach intercepting a subroutine base service further 
comprises patching machine language entry code of the subroutine. APA teaches intercepting a 
subroutine base service further comprises patching machine language entry code of the 
subroutine (page 9, lines 15-16). 

As to claim 11, Deianov does not teach intercepting a service request comprises 
intercepting a service dispatch mechanism based on dynamic name resolution. APA teaches 
intercepting a service request comprises intercepting a service dispatch mechanism based on 
dynamic name resolution (page 9, lines 17-18). 

As to claim 12, Deianov does not teach intercepting a service dispatch mechanism based 
on dynamic name resolution further comprises modifying service lookup name space. APA 
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teaches intercepting a service dispatch mechanism based on dynamic name resolution further 
comprises modifying service lookup name space (page 9, lines 17-18). 

10. Claims 20-23, 31-32, 55, 72-75, 83-84 and 107 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Deianov et al. (U.S. 6,529,985 Bl) in view of Joshi et al (U.S. 
2002/0091798 Al) further in view of Chieu et al. (U.S. 6,587,888 Bl). 

As to claim 20, Deianov does not teach allowing code that executes in response to 
interception of the service request to access alternative data, different from requested data. Chieu 
teaches allowing code that executes in response to interception of the service request to access 
alternative data, different from requested data (col. 5, lines 41-43). It would have been obvious to 
one of ordinary skill in the art at the time the invention was made to combine the teaching of 
Deianov and Chieu because Chieu provides a method to implementing a dynamic software 
wrapper for discovery of non-exported functions and subsequent method interception. 

As to claim 21, Deianov does not explicitly teach the alternative data comprises a copy of 
at least some data. Chieu teaches the alternate data comprises a copy of at least some data (col. 5, 
lines 41-43). 

As to claim 22, Deianov teaches code that executes in response to the interception of the 
service request comprises at least alternative code (The interception module ... of the calling 
process; col. 8, lines 16-28). 
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As to claim 23, Deianov teaches code that executes in response to the interception of the 
service request comprises at least the service request (col. 8, lines 15-28 and lines 44-46). 

As to claims 3 1 -32, see rejections of claims 20-2 1 above. 

As to claim 55, see rejection of claim 20 above. 

As to claims 72-75, see rejections of claims 20-23 above. 

As to claims 83-84, see rejections of claims 31-32 above. 

As to claim 107, see rejections of claim 55 above. 

11. Claims 18, 29, 61, 70, 81 and 113 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Deianov et al. (U.S. 6,529,985 Bl) in view of Joshi et al (U.S. 
2002/0091798 Al) and Chieu et al. (U.S. 6,587,888 Bl) further in view of Smale (U.S. 
5,764,985). 



As to claim 18, Deianov does note teach returning a value to the software component so 
as to simulate execution of the service request, without actually calling the service request. 
Smale teaches returning a value to the software component so as to simulate execution of the 
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service request, without actually calling the service request (col. 5, lines 15-20). It would have 
been obvious to one of ordinary skill in the art to combine the teaching of Deianov and Smale 
because Smale provides a method to provide extended functionality to the lower level functions. 

As to claim 29, see rejection of claim 18 above. 

As to claim 61, see rejection of claim 29 above. 

As to claim 70, see rejection of claim 1 8 above. 

As to claim 81, see rejection of claim 29 above. 

As to claim 1 13, see rejection of claim 61 above. 

12. Claims 24-25, 56-57, 76-77 and 108-109 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Deianov et al. (U.S. 6,529,985 Bl) in view of Joshi et al (U.S. 
2002/0091798 Al) further in view of Fin et al (U.S. 5,537,548). 

As to claim 24, Deianov does not teach passing alternative parameters to code that 
executes in response to interception of the service request. Fin teaches passing alternative 
parameters to code that executes in response to interception of the service request (col. 4, lines 
56-59). It would have been obvious to one of ordinary skill in the art at the time the invention 
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was made to combine the teaching of Deianov and Fin because Fin provides a method to modify 
the pass-in arguments to be processed by the new functions/codes. 

As to claim 25 , Fin teaches creating the alternative parameters by modifying original 
parameters passed to the service request (col. 4, lines 56-59). 

As to claims 56-57, see rejections of claims 24-25 above. 

As to claims 76-77, see rejections of claims 56-57 above. 

As to claims 108-109, see rejections of claims 76-77 above. 

13. Claims 33-34, 62, 85-86 and 114 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Deianov et al. (U.S. 6,529,985 Bl) in view of Joshi et al (U.S. 
2002/0091798 Al) further in view of Smale (U.S. 5,764,985). 

As to claim 33, Deianov does not teach returning an alternative value to the software 
component. Smale teaches returning an alternative value to the software component (col. 5, lines 
12-20). 

As to claim 34, Smale teaches creating the alternative value by modifying a value 
returned by the service request (col. 5, lines 12-20). 
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As to claim 62, see rejection of claim 33 above. 

As to claims 85-86, see rejections of claims 33-34 above. 

As to claims 1 14, see rejection of claim 62. 

Response to Arguments 

14. Applicant's arguments with respect to claims -47, 49-62, 64-99 and 101-114 have been 
considered but are moot in view of the new ground(s) of rejection. 

Conclusion 

15. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. See PTO 892. 

16. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Diem K. Cao whose telephone number is (571) 272-3760. The 
examiner can normally be reached on Monday - Friday, 7:30AM - 3:00PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Thomson can be reached on (571) 272-3718. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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